General availability of Office 365 CDN

We are excited to announce updates on our Office 365 Public Content Delivery Network (CDN) capability with great new features comparing to previously released preview functionality. We are also announcing preview for the completely new Publishing Feature Auto-Rewrite integration along with Private CDN. Office 365 Public CDN is now updated and fully available for first release tenants, with gradual release for normal tenants.

We are interested on your feedback and comments around this capability, so please use Microsoft Tech Community to provide input around this these new capabilities.

Office 365 Public CDN Overview

Following picture defines the logical flow with Office 365 Public CDN

Logical architecture for public CDN

  1. Administrator enables Office 365 Public CDN for the tenant using SharePoint Online Management Shell.
  2. Static assets to be shared from CDN are uploaded to the SharePoint libraries, which are enabled as CDN origins.
  3. Assets are being exposed from the configured libraries and folders and they can be accessed using CDN URLs.
  4. URLs pointing to CDN location are available to be used in the SharePoint sites and in the customizations hosted from SharePoint.

Public CDN URLs for the assets are static and are not changed after the asset has been located to the CDN origin. You can either hard-code Public CDN URLs or leverage the Publishing Feature integration to get Auto-Rewriting to CDN URL.

Office 365 Private CDN with Publishing Auto-Rewriting Overview

Following picture defines the logical flow with Office 365 Private CDN, which is now in preview status and available from tenants with first release status.

Logical architecture for private CDN

  1. Administrator enables Office 365 Public CDN for the tenant using SharePoint Online Management Shell
  2. Static assets to be shared from CDN are uploaded to the SharePoint libraries, which are enabled as CDN origins
  3. Assets are available for being exposed through the CDN service when they are in the CDN origin for the Private CDN
  4. When pages, with assets in the CDN origins, are being requested, SharePoint automatically rewrites the URLs point to the CDN URLs, so that client side browser is requesting these assets using CDN location
  5. Assets being shared from the CDN origin must have a major version published and user access to these assets is being considered when the URL rewriting happens

The Private CDN URLs are dynamically generated by SharePoint Online. The Private CDN URL can only be generated if user has read permissions to the CDN origin (specifically the folder containing the asset). The Private CDN Urls contain tokens on the query string that are used to grant access to the asset. Having the Private CDN Url (with the tokens) is similar to having the asset itself. The tokens used to grant access are will expire after 1 hour.  We ensure that the same asset will generate the same tokens across multiple requests with that 1 hour, this allows the browser cache to be leveraged during a user session.

Publishing Feature Auto-Rewriting to CDN URLs

One of the key scenarios we see for the Public / Private CDN feature is Intranet Portals. These sites often have lots of custom JS, CSS and Images. The Public / Private CDN feature will help improve the latency of these sites because the CDN assets are geo distributed so they are cached closer to the user and the CDN domain supports the HTTP/2 protocol which provides parallel downloading. This means we are no longer limited to 6 ports per domain like with HTTP/1.1.

To help customers take advantage of the CDN features without needing to rewrite their existing Portals, we integrated the Publishing Feature with the Public/Private CDN Feature. The Auto-Rewriting is also required to use the Private CDN features as those Urls are dynamically generated and cannot be hard-coded like Public CDN URLs.

Here is a summary of what Publishing Auto-Rewriting supports today for assets that are in CDN Origin Libraries.

  • IMG/LINK/CSS URLs in the classic publishing page HTML Response are rewritten to CDN Urls.
    • This includes Images added by authors in the HTML Content of a Page. This is a great scenario for Private CDN Origins.
    • To enabled developer scenarios where you do NOT want CDN urls, you can disable by:
      • Checkout the Page (we do not rewrite when the page is checkout to current user)
      • provide the query string parameter ?NoAutoReWrites=true
  • Content By Search WebPart assets are rewritten to CDN URLs.
    • Display Templates JS files
    • Images in Query Results - We currently support the following OOTB Managed Properties, (PictureUrl, PictureThumbnailUrl, PublishingImage)
  • Picture Library SlideShow webpart image URLs are rewritten to CDN URLs.

  • Image fields in SPList REST API (RenderListDataAsStream) results being rewritten to CDN Urls.
    • Use the new property ImageFieldsToTryRewriteToCdnUrls to provide a comma separated list of Fields.
    • Supports Hyperlink Fields (Picture or Link) and PublishingImage Fields.
  • SharePoint Image renditions are supported and will translate to CDN URL.

If you have suggestions for other features or web parts you would like to support CDN Auto-Rewriting, let us know and we will add them to our backlog. You can provide use input on the capability using Microsoft Tech Community.

New PowerShell cmdlets for CDN management

We have collected lot of feedback during the developer preview stage and have adjusted the implementation also on the PowerShell cmdlet side accordingly. Here are the new cmdlets related on the CDN capability.

Detailed documentation for these cmdlets will be available from the SharePoint Online PowerShell cmdlet documentation soon after this blog post was released.

Get / Set-SPOTenantCdnEnabled

Enables private or public CDN using default settings. Can be also used to disable private or public CDN.

Notice that when you are enabling CDN, it will be default enable default origins for the specific CDN type. If you do not want to do this, you can use -NoDefaultOrigins parameter when you execute Set-SPOTenantCdnEnabled cmdlet. 

Get / Add /Remove-SPOTenantCdnOrigin(s)

Can be used to Get, Add and Remove CDN origins. Origins now support wildcards prepended to the Url. This allows you to create Origins that apply across sites. For example, an origin of “*/masterpage” would make the Master Page Gallery in all Sites available as CDN Origins.

  • The */ can only be present in the beginning of the path, matching on any number of URL segments.
  • The path does NOT have to be pointing to a doc library. If someone wanted to enable */site1, they can do so, and it will match on all the doc libraries under the site.

Get-SPOTenantCdnPolicies

Can be used to see current settings around the CDN policies for both public and private CDN. This cmdlet will return current configuration for the tenant policies.

Set-SPOTenantCdnPolicy

Can be used to configure tenant policies for both public and private CDN. You can use this one cmdlet for controlling following settings:

  • IncludeFileExtensions – File extensions which are enabled for CDN capability
  • ExcludeRestrictedSiteClassifications – You can use this to control possible exclusions for the CDN usage based on site classification (Site.Classification). This is useful when you are using wildcard origins, but want to exclude some sites from being CDN origins.
  • ExcludeIfNoScriptDisabled – Can be used to exclude CDN capability if NoScript setting is disabled. This feature is still in testing and is not enabled at the time of writing this post.

Video on getting started with Office 365 CDN

Following video shows how to get started with Office 365 CDN from administration perspective. It demonstrates different commands and their usage with Office 365 tenant. 

You can also view this video from the SharePoint Patterns and Practices video channel at http://aka.ms/sppnp-videos.

Using Office 365 CDN in SharePoint Online

Here are the steps to get started with the Office 365 CDN.


Connect-SPOService -Url https://vesaj-admin.sharepoint.com

  • Get status of the CDN settings from tenant level

Get-SPOTenantCdnEnabled -CdnType Public / Private

  • Enable CDN in the tenant

Set-SPOTenantCdnEnabled -CdnType Public / Private
...

Public CDN enabled locations:
*/MASTERPAGE
*/STYLE LIBRARY

  • Disable CDN in the tenant

Set-SPOTenantCdnEnabled -CdnType Public / Private -Enable $false

  • Get default configuration of your public CDN settings

Get-SPOTenantCdnPolicies -CdnType Public
...

Key Value
--- -----
IncludeFileExtensions CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF
ExcludeRestrictedSiteClassifications
ExcludeIfNoScriptDisabled False

  • Add new CDN origin

Add-SPOTenantCdnOrigin -CdnType Public -OriginUrl sites/cdn/cdn
...

Public CDN enabled locations:
*/MASTERPAGE
*/STYLE LIBRARY
SITES/CDN/CDN (configuration pending)

  • See the list of CDN origins

Get-SPOTenantCdnOrigins -CdnType Public
...

*/MASTERPAGE
*/STYLE LIBRARY
SITES/CDN/CDN

  • Remove CDN origin

Remove-SPOTenantCdnOrigin -CdnType Public -OriginUrl sites/cdn/cdn
...

Public CDN enabled locations:
*/MASTERPAGE
*/STYLE LIBRARY

Usage of Public CDN in SharePoint pages and in customizations

Assets hosted in public CDN origins can be accessed using well-known URL structure, which can be then referenced in your customizations, for example as hosting location for your SharePoint Framework client-side web part JavaScript files.

Format of public CDN URL is following


https://publiccdn.sharepointonline.com/<tenant host name>/sites/site/library

You cannot use private CDN URLs automatically in your customizations since these URLs are dynamically generated by SharePoint. 

Frequently asked questions

Is there a cost associated on the CDN usage?

No. This CDN capability is included as a standard service as part of your Office 365 subscription. There are no additional costs involved on taking it into use.

Is CDN capability automatically enabled in my tenant?

No. You'll need to explictily enable CDN capabilities in your tenant using SharePoint Online Management PowerShell cmdlets.

Can I use this CDN from outside of SharePoint Online?

No. There is referrer filtering on the CDN URL requests. You can only reference assets from the CDN URLs when request is coming from SharePoint Online.

How can I validate CDN URL configuration?

You can perform CDN URL validation in Fiddler if you include correct referrer header for your request.


Add header “Referer: https://contoso.sharepoint.com” to the GET request

Alternatively you can manually create an URL pointing to an image in public CDN and reference that in SharePoint pages.

Once assets are published to the library, how soon can they be accessed via CDN?

There is a 15 minute delay to after adding a new Origin. Once assets are published in the Library they can be immediately requested using the CDN URL.

If I updated my assets in SharePoint site, will they be automatically refreshed in CDN?

Yes. We trigger a background work item to invalidate the CDN asset. Depending on the length of the queue this can take between 15 minutes to 1 hour.

Can I use CDN to host my SharePoint Framework client-side web part files?

Yes. You can use Public CDN to host your SharePoint Framework client-side web part files. You can enable CDN in your tenant and configure the right hosting location in client-side web part manifest. You cannot use however Private CDN for hosting (at least at the moment) since URL for that is not static. If you do not want to have these files anonymously exposed through CDN, you can also host them directly in SharePoint library with needed authentication. This would however mean that you would not have advantage of the performance improvements provided by CDN service. You can follow specific tutorial for the SharePoint Framework around hosting client-side web parts from Office 365 CDN.

Can I use both Public and Private CDN at the same time?

Yes, a common scenario is to use Public CDN for Design Assets (JS/CSS) that can be centrally managed to ensure they meets your requirements for Public CDN. Then use Private CDN for Author Content like Images.

What are the default file types for assets to be shared through CDN?

Public and private CDN have slightly different configuration, which is defined below.

  • Public – .css, .eot, .gif, .ico, .jpeg, .jpg, .js, .map, .png, .svg, .ttf, and .woff
  • Private – .gif, .ico, .jpeg, .jpg, .js, and .png

How would I know that my assets are coming from private CDN?

You can see private CDN specific assets from the page source. They will have following URL structure.


https://privatecdn.sharepointonline.com/tenant/sites
/site/library/item

I have enabled private CDN, but my assets seems to be referenced using normal URLs, what could be wrong?

Asset needs to have a published major version, so that it's being automatically handled by the auto-rewrite capability. Double check that you have published version available from library defined as CDN origin. 

Can I enable CDN without default origins?

Yes. You can use -NoDefaultOrigins parameter with the Set-SPOTenantCdnEnabled cmdlet. This means that default CDN origins are not enabled by default. 

Can I manually construct the URL for the static assets?

Yes, but only for public CDN. You can simply add public CDN URL as a prefix for the URL and construct the URL easily to point to a single file in library or folder.


https://publiccdn.sharepointonline.com/<tenant host name>/sites/site/library

Questions or feedback

Please do provide us feedback on the CDN capability in the SharePoint Developer space under Microsoft Tech Community. You can use this same forum also for any question around the provided capability.

“Sharing is caring”


Vesa Juvonen, Senior Program Manager, OneDrive-SharePoint engineering, Microsoft - 21st of April 2017